Identifying traffic logged by ipfw

[Ben Beuchler]

I'm working on a new bridging firewall using ipfw on FBSD 5.1.  The goal
is to default to closed with a few exceptions.  To test my ruleset, I end
with this rule:

add 420 allow log ip from any to any

The idea is that by watching the logs I could see what protocols I forgot
to create rules for.  This is what I'm getting in the logs:

Apr 16 16:43:40 bfw kernel: ipfw: 420 Accept MAC in via em2

I'm guessing this means it's matching non-ip traffic, but I couldn't find
any info to confirm this.  Is there any sort of trick I could use to log
the entire packet?  Since nothing about the source or destination was
logged, I don't have enough info to create a tcpdump filter.  Perhaps some
sort of divert rule?

Thanks!

-Ben

-- 
Ben Beuchler                                           There is no spoon.
insyte at emt-p.org                                            -- The Matrix